4 releases (2 breaking)
| Version | Released |
|---|---|
| 0.3.1 (new) | Apr 6, 2025 |
| 0.3.0 | Dec 9, 2023 |
| 0.2.0 | Dec 6, 2023 |
| 0.1.0 | Dec 4, 2023 |
#1949 in Filesystem
64 downloads per month
19KB
211 lines
`PathBuf::push` allows any form of path traversal:

```rust
use std::path::PathBuf;

let user_input = "/etc/shadow";
let mut filename = PathBuf::from("/tmp");
// Pushing an absolute path replaces the existing path entirely.
filename.push(user_input);
assert_eq!(filename, PathBuf::from("/etc/shadow"));
```
In contrast, `<PathBuf as PushPathComponent>::push_component` requires a path with only a single element.

```rust
use std::path::PathBuf;
use path_ratchet::prelude::*;

let user_input = "/etc/shadow";
let mut filename = PathBuf::from("/tmp");
// "/etc/shadow" has more than one element, so `new` does not yield a value and `unwrap()` panics.
filename.push_component(SingleComponentPath::new(user_input).unwrap());
```
Security
It is essential to check the path on the same platform it is used on.
For example, on a UNIX system the path `C:\path\to\file.txt` is interpreted as a single file or directory name:

```rust
use path_ratchet::prelude::*;
SingleComponentPath::new(r"C:\path\to\file.txt").unwrap();
```
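The single-element rule and the platform caveat above, sketched with only the standard library. This is an added example, not path_ratchet's own code: `single_component` and `join_checked` are hypothetical names, and the sample inputs are constructed.

```rust
use std::path::{Component, Path, PathBuf};

/// Hypothetical helper (not part of path_ratchet): accepts the input only
/// if the current platform parses it as exactly one plain name.
fn single_component(input: &str) -> Option<&Path> {
    let mut parts = Path::new(input).components();
    match (parts.next(), parts.next()) {
        // One component, and it is a normal name: not a root, a Windows
        // prefix, `.` or `..`. A trailing separator is normalized away.
        (Some(Component::Normal(name)), None) => Some(Path::new(name)),
        // Empty input, absolute paths, `..` and multi-element paths.
        _ => None,
    }
}

/// Joins `input` onto `base` only when it passes the check above.
fn join_checked(base: &Path, input: &str) -> Option<PathBuf> {
    single_component(input).map(|name| base.join(name))
}

fn main() {
    let base = Path::new("/tmp/uploads");
    // Constructed sample inputs: one benign name and several traversal forms.
    let inputs = [
        "report.txt",
        "/etc/shadow",
        "../secret",
        "a/b",
        "..",
        "",
        r"C:\path\to\file.txt", // one name on UNIX, a full path on Windows
    ];
    for input in inputs {
        // `join` behaves like `push`: an absolute input replaces the base.
        let unchecked = base.join(input);
        let checked = join_checked(base, input);
        println!("{:?}: unchecked={:?} checked={:?}", input, unchecked, checked);
    }
}
```

Because the result depends on how the running platform splits paths, the check has to run on the host that will open the file.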
PathRatchet
Prevent path traversal attacks at type level.
```rust
use std::path::PathBuf;
use path_ratchet::prelude::*;

let user_input = "/etc/shadow";
let mut filename = PathBuf::from("/tmp");
filename.push_component(SingleComponentPath::new(user_input).unwrap());
```